Audit risk is the risk of expressing an inappropriate audit opinion on financial statements that are materially misstated.
The objective of the audit is to reduce this audit risk to an acceptably low level.
审计风险是指对有重大误报的财务报表发表不恰当的审计意见的风险。
审计的目的是将这种审计风险降低到一个可接受的低水平。
Audit risk has two key elements, as illustrated below.
审计风险有两个关键因素,如下图所示。
To reduce audit risk to an acceptably low level, the auditor is required to:
- Assess the risks of material misstatement; and
- Limit detection risk. This may be achieved by performing procedures that respond to the assessed risks of material misstatement, both at the financial statement level and at the assertion level, for classes of transactions, account balances, and disclosures.
为了将审计风险降低到可接受的低水平,审计师需要:
- 评估重大错报的风险;以及
- 限制检查风险。这可以通过执行程序来实现,以应对在财务报表层面和认定层面上对交易类别、账户余额和披露的重大错报风险的评估。
Audit Risk Components | 审计风险成分
Inherent Risk
Description: The susceptibility of an assertion about a class of transaction, account balance, or disclosure to a misstatement that could be material, either individually or when aggregated with other misstatements, before consideration of any related controls.
Commentary: This includes events or conditions (internal or external) that could result in a misstatement (error or fraud) in the financial statements.
The sources of risk (often categorised as business or fraud risks) can arise from the entity’s objectives, the nature of its operations/industry, the regulatory environment in which it operates, and its size and complexity
固有的风险
描述: 在考虑任何相关的控制措施之前,关于某类交易、账户余额或披露的断言对错报的易感性,无论是单独还是与其他错报相加,都可能是重大的。
评注: 这包括可能导致财务报表出现错报(错误或欺诈)的事件或条件(内部或外部)。
风险的来源(通常被归类为商业或欺诈风险)可能来自于实体的目标、其业务/行业的性质、其运营的监管环境以及其规模和复杂性。
Control Risk
Description: The risk that a misstatement that could occur in an assertion about a class of transaction, account balance, or disclosure and that could be material, either individually or when aggregated with other misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity’s internal control.
Commentary: Management designs controls to mitigate a specified inherent (business or fraud) risk factor. An entity assesses its risks (risk assessment) and then designs and implements appropriate controls to reduce its risk exposure to a tolerable (acceptable) level.
Controls may be:
- Pervasive in nature, such as management’s attitude toward control, commitment to hiring competent people, and prevention of fraud. These controls are assessed at the financial statement level; and
- Specific to the initiation, processing, or recording of a particular transaction. These are often called business process, activity-level, or transaction controls.
控制风险
描述: 在关于某类交易、账户余额或披露的认定 (Assertion) 中可能发生的错报,以及可能是重大的错报,无论是单独的还是与其他错报合计的,都不能被实体的内部控制所防止,或不能及时发现和纠正的风险。
评注: 管理层设计控制以减轻特定的内在(业务或欺诈)风险因素。
一个实体评估其风险(风险评估),然后设计并实施适当的控制,以将其风险暴露降低到可容忍(可接受)的水平。
控制措施可以是:
- 具有普遍性,如管理层对控制的态度,对雇用合格人员的承诺,以及对欺诈的预防。这些控制是在财务报表层面上进行评估的;以及
- 具体到某项交易的启动、处理或记录。这些通常被称为业务流程、活动层面或交易控制。
Detection Risk
Description: The risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a misstatement that exists and that could be material, either individually or when aggregated with other misstatements.
Commentary: The auditor assesses the risks of material misstatement (inherent and control risk) at the financial statement and assertion levels.
Audit procedures are then developed to reduce audit risk to an acceptably low level.
This includes consideration of the potential risk of:
- Selecting an inappropriate audit procedure;
- Misapplying an appropriate audit procedure; or
- Misinterpreting the results from an audit procedure.
检查风险
描述:审计员为将审计风险降低到可接受的低水平而实施的程序不能发现存在的、可能是重大的、单独或与其他错报合在一起的错报的风险。
评论:审计师在财务报表和认定层面评估重大错报的风险(固有的和控制的风险)。
然后制定审计程序,将审计风险降低到一个可接受的低水平。这包括对以下潜在风险的考虑:
- 选择一个不适当的审计程序。
- 误用适当的审计程序;或
- 误解审计程序的结果。
Note: The ISAs define the risk of material misstatement at the assertion level as consisting of two components: inherent risk and control risk.
Consequently, the ISAs do not ordinarily refer to inherent risk and control risk separately, but rather to a combined assessment of the “risks of material misstatement.”
However, the auditor may make separate or combined assessments of inherent and control risk, depending on preferred audit techniques or methodologies and practical considerations.
注:《国际审计准则》将认定层面的重大错报风险(risk of material misstatement, ROMM) 定义为由两部分组成:固有风险和控制风险。
因此,《国际审计准则》通常不单独提及固有风险和控制风险,而是提及对 “重大错报风险 “的综合评估。然而,审计师可以对固有风险和控制风险进行单独或合并评估,这取决于首选的审计技术或方法以及实际考虑。
CONSIDER POINT
Separate business and fraud risks
Many inherent risks can result in both business and fraud risks. For example, a new accounting system may create potential for errors (business risk), but may also provide an opportunity for someone to manipulate financial results or misappropriate funds (fraud risk).
So when a business risk is identified always consider whether this also creates a fraud risk. If it does, record and assess the fraud risk separately from the business risk factors. Otherwise it is possible that the audit response will only address the business-risk element and not the fraud risk.
Recording fraud risks
Fraud is often identified through the examination of:
- Unusual patterns, exceptions and oddities in transactions/events; or
- Individual(s) with the motive, opportunity, and rationalization to commit fraud.
If such matters are observed (during any stage of the audit) they should be recorded and assessed as fraud risks, even if they seem on the surface to be immaterial. Recording such risks will help ensure they are appropriately considered when developing the audit response.
考虑要点
分离业务和欺诈风险
许多固有的风险可能导致商业和欺诈风险。例如,一个新的会计系统可能会产生潜在的错误(商业风险),但也可能为某人操纵财务结果或挪用资金提供机会(欺诈风险)。
因此,当一个商业风险被确认时,一定要考虑这是否也会产生欺诈风险。
如果是这样,就将欺诈风险与商业风险因素分开记录和评估。
否则,审计反应有可能只涉及业务风险因素而不涉及欺诈风险。
记录欺诈风险
欺诈通常是通过检查来识别的:-
- 交易/事件中的异常模式、例外情况和怪异现象;或
- 具有实施欺诈的动机、机会和合理化的个人。
如果发现这些问题(在审计的任何阶段),应将其作为欺诈风险进行记录和评估,即使它们表面上看起来并不重要。记录此类风险将有助于确保在制定审计对策时对其进行适当的考虑。
Summary of the Audit Risk Components
The following chart shows the interrelationship between risk and control.
The inherent risk bar contains all the business and fraud risk factors that could result in the financial statements being materially misstated (before any consideration of internal control).
The control risk bars reflect the pervasive and transactional control procedures put into effect by management to mitigate the risk that the financial statements are misstated.
The extent to which the control risk bars do not completely mitigate the inherent risks is often called management’s residual risk, risk appetite or risk tolerance.
审计风险组成部分的摘要
下图显示了风险和控制之间的相互关系。
固有风险栏包含了所有可能导致财务报表出现重大误报的商业和欺诈风险因素(在对内部控制进行任何考虑之前)。
控制风险栏反映了管理层为减少财务报表被误报的风险而实施的普遍性和交易性控制程序。
控制风险栏不能完全缓解固有风险的程度,通常被称为管理层的剩余风险、风险偏好或风险容忍度。
Note: The length of the bars in the exhibit would vary based on the particular circumstances and risk profile of the entity.
注:根据实体的特定情况和风险状况,展览中的条形长度会有所不同。
The chart below outlines the auditor’s role in assessing the risks of material misstatement in the financial statements and then performing responsive audit procedures designed to reduce the audit risk to an appropriately low level.
下图表概述了审计师在评估财务报表中的重大错报风险,然后执行旨在将审计风险降低到适当低水平的响应性审计程序中的作用。
Note: The length of the bars in the exhibit would vary based on the particular circumstances and risk profile of the entity, and the nature of the auditor’s response.
注:根据该实体的特定情况和风险状况以及审计师应对的性质,展览中的条形图的长度将有所不同。
Our website's articles, templates, and material are solely for you to look over. Although we make every effort to keep the information up to date and accurate, we make no representations or warranties of any kind, either express or implied, regarding the website or the information, articles, templates, or related graphics that are contained on the website in terms of its completeness, accuracy, reliability, suitability, or availability. Therefore, any reliance on such information is strictly at your own risk.
Keep in touch with us so that you can receive timely updates |
要获得即时更新,请与我们保持联系
1. Website ✍️ https://www.ccs-co.com/ 2. Telegram ✍️ http://bit.ly/YourAuditor 3. Facebook ✍
- https://www.facebook.com/YourHRAdvisory/?ref=pages_you_manage
- https://www.facebook.com/YourAuditor/?ref=pages_you_manage
4. Blog ✍ https://lnkd.in/e-Pu8_G 5. Google ✍ https://lnkd.in/ehZE6mxy
6. LinkedIn ✍ https://www.linkedin.com/company/74734209/admin/
